I just started using Google Compute Engine to host a Wordpress site with a .dev tld. I followed this guide(I only followed the default tab, not the wildcard tab) to install an SSL certificate because I'm required to serve my domain under HTTPS.
For a few days now, everything is working fine but I decided to add a sub-domain to host a static page under the same domain. So for example my domain used to be example.dev, I now added subdomain.example.dev but whenever I visit this page, I get a privacy error and wouldn't let me view the page. I've already created virtual hosts for my Apache to know which files to serve. DNS is already set up to use the same IP address when the subdomain is requested because both files are being hosted on the same GCE VM under one static IP address.
My guess here is that I didn't use wildcards and so the certificate is only valid for example.dev and not any other subdomain. I'm new to SSL and it's a topic that I'm not very versed with so I'm a bit stuck.
Anyway, how do I add the subdomain.example.dev to my certificate? I'm looking for an easy solution and also future-proof in case I need to add another subdomain in the near future.
You don't require a wildcard certificate for just a single subdomain. A wildcard certificate is a certificate with a specific hostname, a "wildcard hostname" (e.g. *.example.dev), which is valid for any subdomain. In your case you only require one subdomain (possibly two if you also want to use www.example.dev), which is easily facilitated with certbot.
As you've already added a virtualhost to Apache, it should be as simple as running sudo certbot --apache for a second time. It will ask you again for which hostnames you'd want a certificate. In this case, TWO options should be given instead of just the one earlier. Note that if you would like to have the www subdomain in the certificate too for your "main site", you could add www.example.dev as a ServerAlias to the example.dev virtualhost prior to running certbot. Also note that you need to select all the hostnames which you want in the single certificate, even the one which is already in it.
Thank you - that was the simplest solution I was hoping for. Although I'm not sure I understand why I don't need a wildcard certificate. I actually thought I would need a wildcard in my case. Regardless, thank you so much! All's good now.
Nah, a Let's Encrypt certificate can hold up to 100 hostnames. So 99 subdomains plus the "apex" domain name (i.e. example.dev). Only if you require more subdomains in a single certificate or have other requirements (e.g., keep the subdomains "hidden" for some reason), you'd require a wildcard certificate.